What is access Control? In the world of Information security the access control means performing selective restriction to a place or other resources in the system. Permission to access any resource of the System is called Authorization. A process by which users are granted access and certain privileges to systems, resources or information can be called as access Control. In access control systems, users must have credentials prior they can be granted access. In information security, access control has various mechanism such as authorization, authentication and audit of the entity trying to gain access. Access control models have a subject and an object. The subject is referred to human user, the one trying to gain access to the object - usually the software or system resource. In information security, an access control list includes a list of …show more content…
ABAC uses attributes as the building blocks to define access control rules and access requests. This is done through a structured language called the eXtensible Access Control Markup Language (XACML), which is as easy to read or write as a natural language. In an attribute-based access control system, any type of attribute such as user attributes and resource attributes are used to determine access. These attributes are compared to defined static values or even to other attributes, which turns it into a relation-based access control. Attributes come in key-value pairs such as "Role=Supervisor," which can be used to limit access to a certain feature of a system. In this case only users with the designation of supervisor or higher can be given access to that feature or system. In an ABAC system, rules are written using XACML. For example, a rule could state: "Permit managers to access financial data provided they are from finance